[RFC] Project Wide Password Manager

17 views
Skip to first unread message

Bob Killen

unread,
Oct 19, 2020, 8:12:18 PM10/19/20
to kubernetes-sig-contribex
Hey there all,

We've had an uptick in requests for a project wide method of securely sharing credentials e.g. zoom creds. This has been a long-standing issue[1]. These days the CNCF is suggesting keybase[2], but with our size and structure it probably wouldn't work out well. =/

1password allows any Open Source project[3] to use their teams service for free - All that is needed is opening a PR against their Open Source Teams list and establishing a set of owners.

Owners wise, one thought was to suggest SC1/SC2/SC as owners, with contributor@ or a TBD set of folk defined as the administrators and those will do the actual provisioning/management of the team.

What are folks thoughts on this idea? Is 1password's security sufficient? Are there any others we're overlooking? Would proposing SC1/SC2/SC3 as owners be ideal?

Lets try and get this discussed by the end of the week.

Thanks all!

- Bob

Josh Berkus

unread,
Oct 19, 2020, 9:23:01 PM10/19/20
to Bob Killen, kubernetes-sig-contribex
On 10/19/20 5:12 PM, Bob Killen wrote:
>
> Owners wise, one thought was to suggest SC1/SC2/SC as owners, with
> contributor@ or a TBD set of folk defined as the administrators and
> those will do the actual provisioning/management of the team.

I don't think that'll work. Folks should be using 2FA for the password
manager, and that means tying accounts to real people.

Given that, I think it makes more sense to nominate a few people from
the Infra team to be admins.

--
--
Josh Berkus
Kubernetes Community
Red Hat OSPO

Paris Pittman

unread,
Oct 19, 2020, 9:27:38 PM10/19/20
to Josh Berkus, Bob Killen, kubernetes-sig-contribex
> SC1/SC2/SC

There are individual folks behind these three accounts
> --
> You received this message because you are subscribed to the Google Groups "kubernetes-sig-contribex" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-sig-con...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/kubernetes-sig-contribex/87e44d1b-6b03-28d8-8343-356b313512bb%40redhat.com.

Reply all
Reply to author
Forward
0 new messages